GNU bug report logs - #46815
cp integer overflow in progress (time remaining)

Previous Next

Package: coreutils;

Reported by: Ronald Knol <rwjknol <at> gmail.com>

Date: Sat, 27 Feb 2021 16:59:02 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 46815 in the body.
You can then email your comments to 46815 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-coreutils <at> gnu.org:
bug#46815; Package coreutils. (Sat, 27 Feb 2021 16:59:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Ronald Knol <rwjknol <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Sat, 27 Feb 2021 16:59:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ronald Knol <rwjknol <at> gmail.com>
To: bug-coreutils <at> gnu.org
Subject: cp integer overflow in progress (time remaining)
Date: Sat, 27 Feb 2021 07:35:38 -0800

[Message part 1 (text/plain, inline)]
cp (GNU coreutils) 8.32
CentOS Linux release 7.4.1708 (Core)
kernel 3.10.0-693.17.1.el7.x86_64

I have identified an issue with "cp" where, if more than 2 TiB of data is
being copied, and progress reporting is on, after 2 TiB has been copied the
time remaining overflows.

The output goes like this:

728 files copied so far...                                   2.0 TiB /
4.9 TiB
[============================>                                          ]
41.0 %
Copying at 206.2 MiB/s (about 4h 25m 44s remaining)
...127TE.RDM/A018_A007_0127H2.RDC/A018_A007_0127H2_004.R3D   1.6 GiB /
3.8 GiB
[=============================>                                         ]
42.1 %
728 files copied so far...                                   2.0 TiB /
4.9 TiB
[============================>                                          ]
41.0 %
Copying at 203.1 MiB/s (about 4294967286h 4294967261m 4294967249s remaining)
...127TE.RDM/A018_A007_0127H2.RDC/A018_A007_0127H2_004.R3D   1.7 GiB /
3.8 GiB
[===============================>                                       ]
44.7 %

This is "cp -argu <sourcedir> <destdir>". The source tree contains more
than 2TiB worth of data.

I believe the issue is in src/copy.c where (on line 355) an INT is used to
store "cur_size".

    int cur_size = g_iTotalWritten + *total_n_read / 1024;

When dealing with filesizes and capacities, the largest possible type
should be used, which I believe is a unsigned long long (or __uint64_t).

Note that I also think that usec_elapsed and sec_elapsed should be larger
types than int and double to prevent overflows.

[Message part 2 (text/html, inline)]
Reply sent to Paul Eggert <eggert <at> cs.ucla.edu>:
You have taken responsibility. (Sat, 27 Feb 2021 17:55:02 GMT) Full text and rfc822 format available.
Notification sent to Ronald Knol <rwjknol <at> gmail.com>:
bug acknowledged by developer. (Sat, 27 Feb 2021 17:55:02 GMT) Full text and rfc822 format available.

Message #10 received at 46815-done <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Ronald Knol <rwjknol <at> gmail.com>
Cc: 46815-done <at> debbugs.gnu.org
Subject: Re: bug#46815: cp integer overflow in progress (time remaining)
Date: Sat, 27 Feb 2021 09:54:26 -0800

On 2/27/21 7:35 AM, Ronald Knol wrote:
> This is "cp -argu <sourcedir> <destdir>". The source tree contains more
> than 2TiB worth of data.
> 
> I believe the issue is in src/copy.c where (on line 355) an INT is used to
> store "cur_size".
> 
>      int cur_size = g_iTotalWritten + *total_n_read / 1024;

GNU coreutils 'cp' lacks a 'g' option, and doesn't have the line number 
you mentioned. It sounds like you're dealing with a bug in a modified 
version of 'cp', which means you should direct your bug report to 
whoever made that modification.
Information forwarded to bug-coreutils <at> gnu.org:
bug#46815; Package coreutils. (Sun, 28 Feb 2021 05:34:02 GMT) Full text and rfc822 format available.

Message #13 received at 46815 <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Ronald Knol <rwjknol <at> gmail.com>
Cc: 46815 <at> debbugs.gnu.org
Subject: Re: bug#46815: cp integer overflow in progress (time remaining)
Date: Sat, 27 Feb 2021 21:33:00 -0800

On 2/27/21 1:31 PM, Ronald Knol wrote:
> I am looking at "src/cp.c" from coreutils-8.32 and it has command line
> options --progress-bar (aka -g).

coreutils-8.32 doesn't have those options. Apparently you have a 
modified copy. You can verify this by getting the original from:

https://ftp.gnu.org/gnu/coreutils/coreutils-8.32.tar.gz

It would have saved time for both of us if the people who modified your 
copy had changed the package name and bug-reporting address. Once you 
find out who modified your copy, please suggest that to them.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sun, 28 Mar 2021 11:24:05 GMT) Full text and rfc822 format available.
This bug report was last modified 3 years and 30 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.